1. Field of the Invention
The present application relates to networking and, in some preferred embodiments, to methods and systems for secure multicasting and/or for managing keys for encryption and/or decryption, such as, e.g., related to multicast key distribution and/or the like.
2. General Background Discussion
Networks and Internet Protocol
There are many types of computer networks, with the Internet having the most notoriety. The Internet is a worldwide network of computer networks. Today, the Internet is a public and self-sustaining network that is available to many millions of users. The Internet uses a set of communication protocols called TCP/IP (i.e., Transmission Control Protocol/Internet Protocol) to connect hosts. The Internet has a communications infrastructure known as the Internet backbone. Access to the Internet backbone is largely controlled by Internet Service Providers (ISPs) that resell access to corporations and individuals. In this disclosure, the terminology network is used broadly and includes individual networks and multiple networks networked together.
With respect to IP (Internet Protocol), this is a protocol by which data can be sent from one device (e.g., a phone, a PDA [Personal Digital Assistant], a computer, etc.) to another device on a network. There are a variety of versions of IP today, including, e.g., IPv4, IPv6, Each host device on the network has at least one IP address that is its own unique identifier.
IP is a connectionless protocol. The connection between end points during a communication is not continuous. When a user sends or receives data or messages, the data or messages are divided into components known as packets. Every packet is treated as an independent unit of data.
In order to standardize the transmission between points over the Internet or the like networks, an OSI (Open Systems Interconnection) model was established. The OSI model separates the communications processes between two points in a network into seven stacked layers, with each layer adding its own set of functions. Each device handles a message so that there is a downward flow through each layer at a sending end point and an upward flow through the layers at a receiving end point. The programming and/or hardware that provides the seven layers of function is typically a combination of device operating systems, application software, TCP/IP and/or other transport and network protocols, and other software and hardware.
Typically, the top four layers are used when a message passes from or to a user and the bottom three layers are used when a message passes through a device (e.g., an IP host device). An IP host is any device on the network that is capable of transmitting and receiving IP packets, such as a server, a router or a workstation. Messages destined for some other host are not passed up to the upper layers but are forwarded to the other host. In the OSI and other similar models, IP is in Layer-3, the network layer.
Wireless Networks
Wireless networks can incorporate a variety of types of mobile devices, such as, e.g., cellular and wireless telephones, PCs (personal computers), laptop computers, wearable computers, cordless phones, pagers, headsets, printers, PDAs, etc. For example, mobile devices may include digital systems to secure fast wireless transmissions of voice and/or data. Typical mobile devices include some or all of the following components: a transceiver (i.e., a transmitter and a receiver, including, e.g., a single chip transceiver with an integrated transmitter, receiver and, if desired, other functions); an antenna; a processor; one or more audio transducers (for example, a speaker or a microphone as in devices for audio communications); electromagnetic data storage (such as, e.g., ROM, RAM, digital data storage, etc., such as in devices where data processing is provided); memory; flash memory; a full chip set or integrated circuit; interfaces (such as, e.g., USB, CODEC, UART, PCM, etc.); and/or the like.
Wireless LANs (WLANs) in which a mobile user can connect to a local area network (LAN) through a wireless connection may be employed for wireless communications. Wireless communications can include, e.g., communications that propagate via electromagnetic waves, such as light, infrared, radio, microwave. There are a variety of WLAN standards that currently exist, such as, e.g., Bluetooth, IEEE 802.11, and HomeRF.
By way of example, Bluetooth products may be used to provide links between mobile computers, mobile phones, portable handheld devices, personal digital assistants (PDAs), and other mobile devices and connectivity to the Internet. Bluetooth is a computing and telecommunications industry specification that details how mobile devices can easily interconnect with each other and with non-mobile devices using a short-range wireless connection. Bluetooth creates a digital wireless protocol to address end-user problems arising from the proliferation of various mobile devices that need to keep data synchronized and consistent from one device to another, thereby allowing equipment from different vendors to work seamlessly together. Bluetooth devices may be named according to a common naming concept. For example, a Bluetooth device may possess a Bluetooth Device Name (BDN) or a name associated with a unique Bluetooth Device Address (BDA). Bluetooth devices may also participate in an Internet Protocol (IP) network. If a Bluetooth device functions on an IP network, it may be provided with an IP address and an IP (network) name. Thus, a Bluetooth Device configured to participate on an IP network may contain, e.g., a BDN, a BDA, an IP address and an IP name. The term “IP name” refers to a name corresponding to an IP address of an interface.
An IEEE standard, IEEE 802.11, specifies technologies for wireless LANs and devices. Using 802.11, wireless networking may be accomplished with each single base station supporting several devices. In some examples, devices may come pre-equipped with wireless hardware or a user may install a separate piece of hardware, such as a card, that may include an antenna. By way of example, devices used in 802.11 typically include three notable elements, whether or not the device is an access point (AP), a mobile station (STA), a bridge, a PCMCIA card or another device: a radio transceiver; an antenna; and a MAC (Media Access Control) layer that controls packet flow between points in a network.
In addition, Multiple Interface Devices (MIDs) may be utilized in some wireless networks. MIDs may contain two independent network interfaces, such as a Bluetooth interface and an 802.11 interface, thus allowing the MID to participate on two separate networks as well as to interface with Bluetooth devices. The MID may have an IP address and a common IP (network) name associated with the IP address.
Wireless network devices may include, but are not limited to Bluetooth devices, Multiple Interface Devices (MIDs), 802.11x devices (IEEE 802.11 devices including, e.g., 802.11a, 802.11b and 802.11g devices), HomeRF (Home Radio Frequency) devices, Wi-Fi (Wireless Fidelity) devices, GPRS (General Packet Radio Service) devices, 3 G cellular devices, 2.5 G cellular devices, GSM (Global System for Mobile Communications) devices, EDGE (Enhanced Data for GSM Evolution) devices, TDMA type (Time Division Multiple Access) devices, or CDMA type (Code Division Multiple Access) devices, including CDMA2000. Each network device may contain addresses of varying types including but not limited to an IP address, a Bluetooth Device Address, a Bluetooth Common Name, a Bluetooth IP address, a Bluetooth IP Common Name, an 802.11 IP Address, an 802.11 IP common Name, or an IEEE MAC address.
Wireless networks can also involve methods and protocols found in, e.g., Mobile IP (Internet Protocol) systems, in PCS systems, and in other mobile network systems. With respect to Mobile IP, this involves a standard communications protocol created by the Internet Engineering Task Force (IETF). With Mobile IP, mobile device users can move across networks while maintaining their IP Address assigned once. See Request for Comments (RFC) 3344. NB: RFCs are formal documents of the Internet Engineering Task Force (IETF). Mobile IP enhances Internet Protocol (IP) and adds means to forward Internet traffic to mobile devices when connecting outside their home network. Mobile IP assigns each mobile node a home address on its home network and a care-of-address (CoA) that identifies the current location of the device within a network and its subnets. When a device is moved to a different network, it receives a new care-of address. A mobility agent on the home network can associate each home address with its care-of address. The mobile node can send the home agent a binding update each time it changes its care-of address using, e.g., Internet Control Message Protocol (ICMP).
In basic IP routing (i.e. outside mobile IP), typically, routing mechanisms rely on the assumptions that each network node always has a constant attachment point to, e.g., the Internet and that each node's IP address identifies the network link it is attached to. In this document, the terminology “node” includes a connection point, which can include, e.g., a redistribution point or an end point for data transmissions, and which can recognize, process and/or forward communications to other nodes. For example, Internet routers can look at, e.g., an IP address prefix or the like identifying a device's network. Then, at a network level, routers can look at, e.g., a set of bits identifying a particular subnet. Then, at a subnet level, routers can look at, e.g., a set of bits identifying a particular device. With typical mobile IP communications, if a user disconnects a mobile device from, e.g., the Internet and tries to reconnect it at a new subnet, then the device has to be reconfigured with a new IP address, a proper netmask and a default router. Otherwise, routing protocols would not be able to deliver the packets properly.
Multi-Hop Networking
In, for example, a packet-switching network, a hop is the trip a data packet takes from one node (e.g., router or intermediate point) to another node in the network. On the Internet (or another network that uses, e.g., TCP/IP), the number of hops a packet has taken toward its destination (called the “hop count”) may be kept in a packet header. Over the Internet and in some other networks, such as, e.g., in some mesh networks or the like, a multi-hop network is employed that may follow a multi-hop path between the source and the destination nodes, such as, e.g., by hopping between routers, etc., along the communication path.
In packet-switched networks such as the Internet, a router can be, e.g., a device or software in a computer that determines the next network point to which a packet should be forwarded to (e.g., to reach is ultimate destination). The router may be, e.g., connected to two or more networks and the router may decide which way to send each information packet based on its current understanding of the state of the network(s) it is connected to. A router can be located at, e.g., a gateway (e.g., where one network meets another). A router can also be included as part of a network switch.
A router may, in some examples, create or maintain a table of the available routes and their conditions and use this information along with, e.g., distance and cost algorithms to determine the best route for a given packet. In some common examples, a packet may travel through a number of network points with routers before arriving at its destination. Routing is typically a function associated with the network layer (i.e., layer 3) of the OSI model. In that regard, a layer-3 switch is a switch that can perform routing functions.
Multicast Key Distribution Problem
In multicasting, a distribution problem occurs in relation to security keys. In this section, the discussion of problems, etc., related to certain technologies is based on the present inventors' knowledge and is not submitted as representing knowledge within the art.
For background reference, multicasting involves transmitting a communication from a sender to multiple receivers on a network. Along with anycast and unicast (e.g., communication between a single sender and a single receiver over a network), multicast is one of the packet types in, e.g., the Internet Protocol Version 6 (IPv6). By way of example, multicast is supported through certain wireless data networks as part of, e.g., the Cellular Digital Packet Data technology. For further reference, keys include, e.g., a session key that is an encryption and decryption key. This key is randomly generated for the security of a communications session between, e.g., two devices or nodes. Session keys are sometimes referred to as symmetric keys (the same key can be used for both encryption and decryption). A session key may be derived, for example, from a hash value. During a session, the key is transmitted along with the message content. And, it is encrypted with a public key of the recipient. For security purposes, session keys are changed frequently.
The multicast key distribution problem focuses on ensuring that all the valid receivers of a multicast group possess the keys needed to decrypt the information. One approach to solve this problem is to assume the presence of an entity called the key server (KS) that distributes the group key to all users. But then, the problem faced by the key server is complicated on account of the dynamics associated with a multicast group where members can join as well as leave the group. In order to securely update the Session Encryption Key (SEK), typically each member would need to possess additional keys called the Key Encrypting Keys (KEK). Thus, a multicast key distribution problems focuses on ensuring that all the valid receivers possess both the right SEK as well as the KEKs and that these are changed in response to the group dynamics.
When dealing with large multicast groups, the service rendered by the key server (KS) needs to be designed such that it is scalable with respect to frequent key changes. After a member joins the group, the key server can send the new group key via unicast to the new member and via multicast to the existing members. The former is sent encrypted using the key shared between the joining member and the key server while the latter is encrypted using the previous group key. Similarly, after a member leaves the group, the new group key must be securely distributed by encrypting it with individual keys since the previous group key cannot be used. However, this simple approach is not scalable. The key graph approach [see, e.g., References 2, 3] has been proposed for scalable rekeying. In this approach, besides the group key and its individual key, each user is given several auxiliary keys. These auxiliary keys are used to facilitate rekeying. Key graph is a data structure that models user-key and key-key relationships. One important type of key graph is the key tree where key-key relationships are modeled as a tree.
This problem of building efficient key trees has received attention lately [see, e.g., References 2, 3]. The topology of the network will have to be considered while building the key trees. The network topology can be considered to be the combination of the last hop and the internal network. The last hop corresponds to the link between the user, who is the consumer of the information, and the router to which the user connects. The internal network corresponds to the various routers that receive and forward information belonging to this multicast group. A protocol such as, e.g., IGMP is typically used on the last hop while protocols such as, e.g., PIM-SM, CBT, etc., are typically used on the internal network. There has been some effort towards considering the topology of the internal network while building key trees [see, e.g., Reference 1]. On the other hand, there has been essentially no focus on the last hop while building key trees. However, the present inventors have found that the characteristics of the last hop also need to be accounted for while building the key tree. These characteristics include features such as, e.g., the ability to multicast, the ability to form a subnet, etc. These features will impact both performance in the form of the number of messages that will be sent on the last hop and security in the form of the revocation messages that reach endpoints for which they are not destined. These factors are especially important in cases where the last hop network involves wireless links, such as, e.g., for cellular networks, WLAN networks, etc.
In Reference 1, below, the authors consider the topology of an entire network. But the topology is considered only for building the tree. Leaf nodes of the tree are assumed to correspond to the multicast member. In many cases, the leaf nodes correspond to the gateways. So any member in the subnet would lead to traffic on the subnet. Thus, the approaches within the present application are complimentary to the approach in Reference 1.
Approaches that assume only a single trusted key server are proposed in References 1, 2 and 3. In these approaches, a user is given some auxiliary keys, besides the group key and the individual key, to reduce the server cost for rekeying. These approaches have been mainly focused on reducing the server costs for individual rekeying. In this regard, Reference 2 provides one of the earliest approaches to efficient member revocations using logical key heirarchies. In this approach, the onus of distributing the group key as well as all the auxiliary keys rests on the key server entity. References 6 and 7 refine the approach by allowing the members to autonomously compute some of the auxiliary keys—thus, reducing the distribution overhead. The messaging overhead in all cases is logarithmic in the number of members.
Reference 4 addressed the problem of batch rekeying and proposed using boolean function minimization techniques to facilitate batch rekeying. Their approach, however, has a collusion problem—namely, two users can combine their knowledge of keys to continue reading group communications, even after they leave the group. Reference 5 addressed the problem of keeping the key tree balanced. Their approach essentially was to add joins at the shallowest leaf nodes of the tree and to re-structure the tree periodically. Reference 5 also briefly described an algorithm for batch rekeying, in which joins replace leaves one by one, and if there are still extra joins, they are added to the shallowest leaf nodes of the tree one by one. Reference 5's objective is to keep the key tree balanced. However, in the more preferred embodiments described herein, the schemes assume the server has the capability to balance the key tree (e.g., to the extent possible).
In References 8 and 9, the authors have looked at the problem of making the key tree sensitive to the network topology in the context of ad-hoc networks. The focus in this case, however, is on key distribution with a focus on energy efficiency.    [Reference 1] S. Banerjee and B. Bhattacharjee, “Scalable Secure Group Communication over IP Multicast”, IEEE JSAC Sp. Issue on network support for group communication.    [Reference 2] D. Wallner, E. Harder, and Ryan Agee. Key Management for Multicast: Issues and Architectures RFC 2627, IETF, June 1999.    [Reference 3] Chung Kei Wong, Mohamed Gouda, and Simon S. Lam. Secure group communications using key graphs. In Proceedings of ACM SIGCOMM '98, September 1998.    [Reference 4] Isabella Chang, Robert Engel, Dilip Kandlur, Dimitrios Pendarakis, and Debanjan Saha. Key management for secure Internet multicast using boolean function minimization techniques. In Proceedings of IEEE INFOCOM '99, volume 2, March 1999.    [Reference 5] M. J. Moyer, J. R. Rao, and P. Rohatgi. Maintaining Balanced Key Trees for Secure Multicast, INTERNET-DRAFT, June 1999.    [Reference 6] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas. Multicast security: A taxonomy and some efficient constructions. In Proc. INFOCOM '99, New York, N.Y., March 1999.    [Reference 7] P. Dinsmore D. M. Balenson M. Meyman P. S. Kruus C. D. Scace and A. T. Sherman, “Policy-Based Security Management for Large Dynamic Groups: An Overview of the DCCM Project,” Proc. DARPA Information Survivability Conf. and Exposition (DISCEX '00), pp. 64-73, January 2000    [Reference 8] L. Lazos and Radha Poovendran, “Cross-Layer Design for Energy-Efficient Secure Multicast Communications in Ad Hoc Networks,” IEEE International Conference on Communications (ICC), Jun. 20-24, 2004, Paris, France.    [Reference 9] Loukas Lazos, Javier Salido, Radha Poovendran, VP3: Using Vertex Path and Power Proximity for Energy Efficient Key Distribution, Invited Paper in IEEE VTC, 2004-Fall, Los Angeles, Calif.
While a variety of systems and methods are known, there remains a need for improved systems and methods.